2FA flaw in PayPal's login portal fixed

A two-factor authentication (2FA) vulnerability affecting PayPal's login portal process has been patched. Security researcher Shawar Khan notified the online payment company of the high-severity flaw in May and he was awarded an undisclosed bug bounty in July.

The vulnerability affects PayPal's UK login portal and the preview portal's interaction with the API. According to a Vulnerability Labs' security advisory, the PayPal preview login portal is missing a verification mechanism. “When logged in via PayPal UK login portal, it checks if the user account is already signed in from any other portal,” the advisory stated. PayPal issued a Common Vulnerability Scoring System (CVSS) rating of 6.2.

In April, a researcher disclosed a flaw that an attacker could have exploited to embed malicious code into the email headings sent via PayPal's portal.

In December 2015, a researcher discovered a critical vulnerability in one of PayPal's business websites that allowed remote code execution. The researcher, Michael “Artsploit” Stepankin, stated that he was able to exploit the flaw to gain access to production databases.
